Total
755 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-4894 | 2 Hp, Samsung | 2046 1vr14a, 1vr14a Firmware, 209u7a and 2043 more | 2024-02-28 | N/A | 7.3 HIGH |
Certain HP and Samsung Printer software packages may potentially be vulnerable to elevation of privilege due to Uncontrolled Search Path Element. | |||||
CVE-2021-41544 | 1 Siemens | 1 Software Center | 2024-02-28 | N/A | 7.8 HIGH |
A vulnerability has been identified in Siemens Software Center (All versions < V3.0). A DLL Hijacking vulnerability could allow a local attacker to execute code with elevated privileges by placing a malicious DLL in one of the directories on the DLL search path. | |||||
CVE-2023-37490 | 1 Sap | 1 Businessobjects Business Intelligence | 2024-02-28 | N/A | 9.0 CRITICAL |
SAP Business Objects Installer - versions 420, 430, allows an authenticated attacker within the network to overwrite an executable file created in a temporary directory during the installation process. On replacing this executable with a malicious file, an attacker can completely compromise the confidentiality, integrity, and availability of the system | |||||
CVE-2022-47636 | 1 Outsystems | 1 Service Studio | 2024-02-28 | N/A | 7.8 HIGH |
A DLL hijacking vulnerability has been discovered in OutSystems Service Studio 11 11.53.30 build 61739. When a user open a .oml file (OutSystems Modeling Language), the application will load the following DLLs from the same directory av_libGLESv2.dll, libcef.DLL, user32.dll, and d3d10warp.dll. Using a crafted DLL, it is possible to execute arbitrary code in the context of the current logged in user. | |||||
CVE-2023-35897 | 1 Ibm | 2 Storage Protect, Storage Protect Client | 2024-02-28 | N/A | 7.8 HIGH |
IBM Spectrum Protect Client and IBM Storage Protect for Virtual Environments 8.1.0.0 through 8.1.19.0 could allow a local user to execute arbitrary code on the system using a specially crafted file, caused by a DLL hijacking flaw. IBM X-Force ID: 259246. | |||||
CVE-2023-3078 | 1 Lenovo | 1 Universal Device Client | 2024-02-28 | N/A | 7.8 HIGH |
An uncontrolled search path vulnerability was reported in the Lenovo Universal Device Client (UDC) that could allow an attacker with local access to execute code with elevated privileges. | |||||
CVE-2023-23577 | 1 Intel | 3 Ite Tech Consumer Infrared Driver, Nuc 11 Enthusiast Kit Nuc11phki7c, Nuc 11 Enthusiast Mini Pc Nuc11phki7caa | 2024-02-28 | N/A | 7.3 HIGH |
Uncontrolled search path element for some ITE Tech consumer infrared drivers before version 5.5.2.1 for Intel(R) NUC may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2023-40352 | 1 Mcafee | 1 Safe Connect | 2024-02-28 | N/A | 7.2 HIGH |
McAfee Safe Connect before 2.16.1.126 may allow an adversary with system privileges to achieve privilege escalation by loading arbitrary DLLs. | |||||
CVE-2023-22841 | 1 Intel | 2 C621a, Server Firmware Update Utility | 2024-02-28 | N/A | 7.3 HIGH |
Unquoted search path in the software installer for the System Firmware Update Utility (SysFwUpdt) for some Intel(R) Server Boards and Intel(R) Server Systems Based on Intel(R) 621A Chipset before version 16.0.7 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2023-34355 | 1 Intel | 2 Integrated Bmc Video Driver, Server Board M10jnp2sb | 2024-02-28 | N/A | 7.3 HIGH |
Uncontrolled search path element for some Intel(R) Server Board M10JNP2SB integrated BMC video drivers before version 3.0 for Microsoft Windows and before version 1.13.4 for linux may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2023-25944 | 1 Intel | 1 Vcust Tool | 2024-02-28 | N/A | 7.8 HIGH |
Uncontrolled search path element in some Intel(R) VCUST Tool software downloaded before February 3nd 2023 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2023-3662 | 1 Codesys | 1 Development System | 2024-02-28 | N/A | 7.3 HIGH |
In CODESYS Development System versions from 3.5.17.0 and prior to 3.5.19.20 a vulnerability allows for execution of binaries from the current working directory in the users context . | |||||
CVE-2023-36344 | 1 Dieboldnixdorf | 1 Vynamic View | 2024-02-28 | N/A | 7.8 HIGH |
An issue in Diebold Nixdorf Vynamic View Console v.5.3.1 and before allows a local attacker to execute arbitrary code via not restricting the search path for required DLLs and not verifying the signature. | |||||
CVE-2023-25182 | 1 Intel | 1 Unite | 2024-02-28 | N/A | 7.8 HIGH |
Uncontrolled search path element in the Intel(R) Unite(R) Client software for Mac before version 4.2.11 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2023-37849 | 1 Watchguard | 1 Panda Security Vpn | 2024-02-28 | N/A | 6.5 MEDIUM |
A DLL hijacking vulnerability in Panda Security VPN for Windows prior to version v15.14.8 allows attackers to execute arbitrary code via placing a crafted DLL file in the same directory as PANDAVPN.exe. | |||||
CVE-2023-31016 | 2 Microsoft, Nvidia | 2 Windows, Virtual Gpu | 2024-02-28 | N/A | 7.8 HIGH |
NVIDIA GPU Display Driver for Windows contains a vulnerability where an uncontrolled search path element may allow an attacker to execute arbitrary code, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering. | |||||
CVE-2023-28380 | 1 Intel | 1 Ai Hackathon | 2024-02-28 | N/A | 8.8 HIGH |
Uncontrolled search path for the Intel(R) AI Hackathon software before version 2.0.0 may allow an unauthenticated user to potentially enable escalation of privilege via network access. | |||||
CVE-2023-28823 | 1 Intel | 29 Advisor For Oneapi, Cpu Runtime For Opencl Applications, Distribution For Python Programming Language and 26 more | 2024-02-28 | N/A | 7.3 HIGH |
Uncontrolled search path in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.1.493 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2022-43703 | 1 Arm | 2 Arm Development Studio, Ds Development Studio | 2024-02-28 | N/A | 7.8 HIGH |
An installer that loads or executes files using an unconstrained search path may be vulnerable to substitute files under control of an attacker being loaded or executed instead of the intended files. | |||||
CVE-2023-39374 | 1 Forescout | 1 Secureconnector | 2024-02-28 | N/A | 7.8 HIGH |
ForeScout NAC SecureConnector version 11.2 - CWE-427: Uncontrolled Search Path Element |